Homomorphic database operations apparatuses, methods and systems

ABSTRACT

The HOMOMORPHIC DATABASE OPERATIONS APPARATUSES, METHODS AND SYSTEMS (“HEDO”) transform transaction storage requests and homomorphic model queries using HEDO components into homomorphic model query results. In some implementations, the disclosure provides a processor-implemented method of securely querying a shared homomorphically encrypted data repository and performing cross-table homomorphic joins.

PRIORITY CLAIM

This application claims priority to United States provisional patentapplication Ser. No. 61/861,368, filed Aug. 1, 2013, attorney docket no.532US01, entitled “Homomorphic Database Operations Apparatuses, Methodsand Systems.” The aforementioned application is all hereby expresslyincorporated herein by reference.

This application for letters patent disclosure document describesinventive aspects that include various novel innovations (hereinafter“disclosure”) and contains material that is subject to copyright, maskwork, and/or other intellectual property protection. The respectiveowners of such intellectual property have no objection to the facsimilereproduction of the disclosure by anyone as it appears in publishedPatent Office file/records, but otherwise reserve all rights.

FIELD

The present innovations generally address the creation, maintenance,population and querying of secure databases containing full or partialdata values stored using somewhat homomorphic, fully homomorphic, orother encryption scheme(s), and more particularly, include HOMOMORPHICDATABASE OPERATIONS APPARATUSES, METHODS AND SYSTEMS.

However, in order to develop a reader's understanding of theinnovations, disclosures have been compiled into a single description toillustrate and clarify how aspects of these innovations operateindependently, interoperate as between individual innovations, and/orcooperate collectively. The application goes on to further describe theinterrelations and synergies as between the various innovations; all ofwhich is to further compliance with 35 U.S.C. §112.

BACKGROUND

Consumers engaging in transactions create large amounts of data, some ofwhich may include private information. For example, a consumer's bankaccount number, balance, or mailing address may be private information.When making purchases, consumers may choose between multiple merchantsoffering similar services and in competition with one another. Merchantsmay desire to optimize the manner in which they attract and/or retaincustomers.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying appendices and/or drawings illustrate variousnon-limiting, example, innovative aspects in accordance with the presentdescriptions:

FIG. 1 shows an example block diagram illustrating aspects of the HEDO,in one implementation of the HEDO operation;

FIG. 2 shows an example data flow illustrating aspects ofhomomorphically encrypted database transaction data aggregation, in oneimplementation of the HEDO operation;

FIG. 3 shows an example data flow illustrating aspects of querying andjoining homomorphically encrypted databases, in one implementation ofthe HEDO operation;

FIGS. 4A-B show an example logic flow illustrating aspects of performinghomomorphic joins, e.g., an example HJ Component, in one implementationof the HEDO operation;

FIG. 5 shows an example logic flow illustrating aspects of homomorphiccalculations in database space, e.g., an example HOP Component, in oneimplementation of the HEDO operation;

FIG. 6 shows an example logic flow illustrating aspects of generatingHEDO packages, e.g., an example GHP Component, in one implementation ofthe HEDO operation;

FIGS. 7A-G show example user interfaces illustrating aspects of theHEDO, in one implementation of the HEDO operation; and

FIG. 8 shows a block diagram illustrating aspects of an exemplaryembodiment of a HEDO user interface controller, in one implementation ofthe HEDO operation.

FIGS. 9-12 illustrate further aspects of the HEDO, in one implementationof the HEDO operation.

The leading number of each reference number within the drawingsindicates the figure in which that reference number is introduced and/ordetailed. As such, a detailed discussion of reference number 101 wouldbe found and/or introduced in FIG. 1. Reference number 201 is introducedin FIG. 2, etc.

DETAILED DESCRIPTION HEDO

The HOMOMORPHIC DATABASE OPERATIONS APPARATUSES, METHODS AND SYSTEMS(hereinafter “HEDO” user interface) transform transaction dataaggregation and homomorphic database model queries, via HEDO components,in response to user activities. In some embodiments, this is carried outin real time.

FIG. 1 shows an example block diagram illustrating aspects of the HEDO,in one implementation of the HEDO operation. In some embodiments, amerchant 102 a may wish to store their transaction data in a sharedhomomorphic database along with their competitors' data, e.g., 101 b. Inso doing, the merchant can query the data to determine how they compareagainst competitors using a variety of comparison metrics without havingaccess to their competitors' underlying data. Similarly, competitors canperform such queries without having access to the merchant's specificdata. In one embodiment, a pay network server 102 a may wish tooutsource the storage and the querying of transaction data and mayforward data that the server receives from merchants and consumersengaging in transactions, e.g., 102 b. However, the pay network servermay wish to maintain tight controls over the data such as limiting whocan see the data stored as well as having assurances that important datapoint values remain encrypted when stored using the outsourced solution.In one embodiment, HEDO server 103 a a may aggregate data from afinancial payment network and store it such that the data is encryptedand has semantic security. Semantic security in this context meaningthat an adversary with possession of the stored data would be unable todetermine substantial properties or values of the stored data. In someembodiments, the HEDO server 103 a a may allow access to the storedencrypted data and may perform operations to evaluate encrypted modelsthrough the use of homomorphic operations including homomorphiccross-table joins, e.g., 103 b.

FIG. 2 shows an example data flow illustrating aspects ofhomomorphically encrypted database transaction data aggregation, in oneimplementation of the HEDO operation. In one embodiment, a transactioninput 202 a may be forwarded to merchant transaction server 201 a, 201b. The merchant transaction server may process the transaction andinitiate a transaction storage request 203 a,203 b to HEDO client 204. Atransaction storage request may be a request to encrypt certain valuesin the transaction storage request while leaving other valuesunencrypted, and facilitate the insertion of those values and thatrecord into an HEDO repository server. In one embodiment, an HEDOpackage may be generated 205 upon the processing of the transactionstorage request. Further detail with regard to HEDO package generationmay be found with respect to FIG. 6, e.g. a GHP component 600. In oneembodiment, grouping keys that may be utilized by the HEDO client, theHEDO server, and/or the HEDO repository server at a future point may begenerated during the creation of the HEDO package. In one embodiment,the grouping keys are inserted 206 into an HEDO client database 207. Inother embodiments, the grouping keys may be retransmitted back to themerchant transaction server, forwarded to the HEDO server, stored in theHEDO repository, and/or the like. In one embodiment, the HEDO client maythen transmit an HEDO package storage request 208 to HEDO server 209.The HEDO server may then store the package contents in a repository. Anexample HEDO repository server schema suitable for storing merchanttransaction server transaction storage requests, substantially in theform of SQL statements is:

CREATE TABLE IssuerE  (Number VARCHAR(16) PRIMARY KEY ); CREATE TABLEMerchantE  (Number VARCHAR(16) PRIMARY KEY,   Category CHAR(4) NOT NULL); CREATE TABLE CardholderE  (Number VARCHAR(250000) PRIMARY KEY,--HOMOMORPHICALLY ENCRYPTED   Surname VARCHAR(64) NOT NULL,   IssuerVARCHAR(16) NOT NULL,   Product VARCHAR(3) NOT NULL,   RiskVARCHAR(50000) NOT NULL --HOMOMORPHICALLY ENCRYPTED ); CREATE TABLETransactionE  (Number VARCHAR(64) PRIMARY KEY,   Merchant VARCHAR(16)NOT NULL,   Cardholder VARCHAR(250000) NOT NULL, --HOMOMORPHICALLYENCRYPTED   Type VARCHAR(3) NOT NULL,   Amount VARCHAR(250000) NOT NULL--HOMOMORPHICALLY ENCRYPTED ); CREATE TABLE PurchaseE  (TransactionVARCHAR(64) NOT NULL,   Surname VARCHAR(2048000) NOT NULL,--HOMOMORPHICALLY ENCRYPTED   Merchant VARCHAR(16) NOT NULL,   ProductVARCHAR(32) NOT NULL,   Quantity INTEGER NOT NULL ); CREATE TABLEProductE  (Code VARCHAR(32) PRIMARY KEY,   Good VARCHAR(256) NOT NULL,  Price DECIMAL(6,2) NOT NULL );

An example alternative HEDO repository server schema suitable forstoring merchant transaction server transaction storage requests andmaintaining grouping values for use with grouping keys, substantially inthe form of SQL statements is:

  CREATE TABLE IssuerE  (Number VARCHAR(16) PRIMARY KEY ); CREATE TABLEMerchantE  (Number VARCHAR(16) PRIMARY KEY,   Category CHAR(4) NOT NULL); CREATE TABLE CardholderE  (Number VARCHAR(250000) PRIMARY KEY,  Number_grp VARCHAR(250000) NOT NULL,   Number_gkey VARCHAR(250000) NOTNULL,   Surname VARCHAR(64) NOT NULL,   Issuer VARCHAR(16) NOT NULL,  Product VARCHAR(3) NOT NULL,   Risk VARCHAR(50000) NOT NULL,  Risk_grp VARCHAR(50000) NOT NULL,   Risk_gkey VARCHAR(50000) NOT NULL); CREATE TABLE TransactionE  (Number VARCHAR(64) PRIMARY KEY,  Merchant VARCHAR(16) NOT NULL,   Cardholder VARCHAR(250000) NOT NULL,  Cardholder_grp VARCHAR(250000) NOT NULL,   Cardholder_gkeyVARCHAR(250000) NOT NULL,   Type VARCHAR(3) NOT NULL,   AmountVARCHAR(250000) NOT NULL,   Amount_grp VARCHAR(250000) NOT NULL,  Amount_gkey VARCHAR(250000) NOT NULL ); CREATE TABLE PurchaseE (Transaction VARCHAR(64) NOT NULL,   Surname VARCHAR(2048000) NOT NULL,  Surname_grp VARCHAR(2048000) NOT NULL,   Surname_gkey VARCHAR(2048000)NOT NULL,   Merchant VARCHAR(16) NOT NULL,   Product VARCHAR(32) NOTNULL,   Quantity INTEGER NOT NULL ); CREATE TABLE ProductE  (CodeVARCHAR(32) PRIMARY KEY,   Good VARCHAR(256) NOT NULL,   PriceDECIMAL(6,2) NOT NULL );

In some embodiments, the repository is an open source or commercialdatabase running and in communication with the HEDO server 209.Databases suitable for this purpose include but are not limited toPostgreSQL, MySQL, Oracle, and/or the like. In other embodiments, theHEDO repository may be contained on a different server such as the HEDOrepository server 211, and/or the HEDO client 204 itself. In oneembodiment, homomorphically encrypted values, homomorphic encryptedgrouping values, and/or unencrypted data values, e.g., 210, may beforwarded from the HEDO server 209 to the HEDO repository server 211.The HEDO repository server 211 may then perform an insertion into therepository of the encrypted and non-encrypted values, 212. In someembodiments, the HEDO repository server may be a database server that isconfigured with user-defined functions to further process the encryptedand/or unencrypted values contained in homomorphic insertion 212. Forexample, in one embodiment, all of the data forwarded to the HEDOrepository server 211 may be in unencrypted form. In such embodiments, auser defined function, stored procedure, and/or the like running and incommunication with HEDO repository server 211 may selectively orcompletely encrypt the values from homomorphic insertion 212 usingeither deterministic or non-deterministic homomorphic encryption. Anexample user defined function suitable for encrypting a binary decimalvalue (such as a digit of a credit card number), substantially in theform of Python executable code is:

  def BCD_Encrypt(Number,Lambda,p):  number = abs(Number) % 10 # ensure0-9 [no A-F!]  Eight = ((Number & 0x08) != 0)  Four = ((Number & 0x04)!= 0)  Two = ((Number & 0x02) != 0)  One = ((Number & 0x01) != 0)  BCD =[Encrypt(One ,Lambda,p),\   Encrypt(Two ,Lambda,p),\   Encrypt (Four,Lambda,p),\   Encrypt(Eight,Lambda,p)]  return BCD

In other embodiments, more complicated validation may be performed onthe data before or after encryption. An example of such a validation maybe the LUHN algorithm used for validating credit card numbers. Anexample implementation of the LUHN algorithm, suitable for use onhomomorphically encrypted HEDO data, substantially in the form of Pythoncode is:

def LuhnAlgorithm(BCD,PAN_Length) :  Zero = cZERO; Tally0 = BCD_Zero;Tally1 = BCD_Zero; Tally2 = BCD_Zero  # Double the BCD values ofselected digits  # starting at the check digit.  for Position inrange(PAN_Length-2,-1,-2):   Digit = BCD[Position]   [Digit0,Digit1] =BCD_Double (Digit)   Digit = BCD_Resolve(Digit0,Digit1)   BCD[Position]= Digit  # Sum all the resulting digits, producing  # a tally of theirvalues.  for Position in range(PAN_Length):   Digit = BCD[Position]  Answer = BCD_Sum(Tally0,Tally1,Tally2,Digit)   Tally0 = Answer[0];Tally1 = Answer[1]; Tally2 = Answer [2]  # Return the least significantBCD digit  # (modulo ten operation).  return Tally0

FIG. 3 shows an example data flow illustrating aspects of querying andjoining homomorphically encrypted databases, in one implementation ofthe HEDO operation. In one embodiment, user 301 may initiate a modelquery input 302. A model query input may consist of a query or queryparameters that are suitable for querying an HEDO repository. In oneembodiment, suitable query models may be stored on HEDO server 310, andcalled by name by user 301 in a model query input 302. In oneembodiment, HEDO server 310 may contain a parameterized query which themodel query input may invoke by name. For example, a query “loyaltycomparison” stored on or in communication with the HEDO server may beinvoked through a model query referencing the query by name andproviding suitable parameters such as a merchant identifier, issueridentifier, and/or the like. Example model query requests may be foundherein and particularly with respect to FIG. 7.

In one embodiment, the model query request 303 is forwarded to HEDOclient 304. The HEDO client may convert the model query to HEDO queries,may determine the join, order, and/or grouped by tables required toexecute the query, and/or retrieve grouping keys from a database incommunication with the HEDO client, e.g., 305. In one embodiment, theHEDO client 304 may request grouping keys from HEDO client database 307,e.g., request grouping keys 306. The database may retrieve keysassociated with tables of the query that may require aggregation,cross-table joining, and/or the like. In one embodiment, the HEDO clientmay forward an HEDO model query request containing HEDO queries and,optionally, required grouping keys, e.g. 309 to HEDO server 310. Anexample HEDO model query request, substantially in the form of anHTTP(S) POST message including XML-formatted data, is provided below:

POST /hedo_model_query_request.php HTTP/1.1 Host: www.hedoserver.comContent-Type: Application/XML Content-Length: 667 <?XML version = ″1.0″encoding = ″UTF-8″?> <hedo_model_query_request>  <timestamp>2020-12-1215:22:43</timestamp>  <user_name>HEDO_CLIENT</user_name>  <credentials>  <password>secretpass1234</password>  <private_key>h767kwjiwnfe456#@hnniimidrtsxbi</private_key> </credentials>  <model_query name=″loyalty_comparison″>   <query num=1>   select MerchantE.Category into MCC from    MerchantE whereMerchantE.Number = ′{Merchant}′   </query>   <query num=2>    selectCardholderE.Surname, TransactionE.Amount    from TransactionE,CardholderE where    CardholderE.Number = TransactionE.Cardholder    andTransactionE.Merchant = ′{Merchant}′   </query>   <query>    ...  </query>  </model_query>  <grouping_keys>   <groupname=″CardholderE.Number = TransactionE.Cardholder″>    <table1name=″CardholderE″ field=″Number″>     <key value=″id:1-2000″>     Jukyftrddesrsdxerr43ser43wshryt     Erwsadxtyjfgkftyresagt43esy45wuykg     Sre4fytkuhopj;/945ur6tsgred-yukg     </key>     <keyvalue=″id:rest″>      ...     </key>     <key default=″true″>      ...    </key>     <key>      ...     </key>    </table1 >    <tableN>    ...    </tableN>   </group>  </grouping_keys></hedo_model_query_request>

In some embodiments, HEDO server 310 may receive the model query requestand extract individual HEDO query operations, e.g., 311. For example, inone embodiment, an HEDO model query may contain multiple queries. Anexample first query may include a query that determines a merchant'scustomer loyalty score. In such an embodiment, a second query may thendetermine the loyalty scores of the merchant's customers with respect toother merchants in competition with the querying merchant. In so doing,the HEDO server may execute multiple discrete model queries and,optionally, integrate the resultant values either through SQLaggregation options, user-specified function processing, and/or thelike. In one embodiment, a first HEDO query 312 is forwarded to the HEDOrepository 313. As discussed herein, in some embodiments, the HEDOrepository is in fact a database in communication with HEDO server 310.In other embodiments, the repository is stored on a third-party cloudprovider platform such as Amazon AWS™, RackSpace Cloud™, and/or thelike.

In one embodiment, the HEDO repository may determine that multipletables are required to be queried in order to successfully process thequery, and may further determine that table values that are to be joinedon are in fact homomorphically encrypted values. The HEDO repository mayprocess the HEDO query and perform the required homomorphic joins, e.g.314. Further detail regarding performing homomorphic joins may be foundwith respect to FIGS. 4A-B, e.g., an example HJ Component 400. In someembodiments, the homomorphically joined tables may require additionalhomomorphic calculations to be performed on the results set in order tocomplete the HEDO query execution, e.g., 315. For example, thehomomorphically joined results set may require summation. However,because the values are homomorphically encrypted, traditional or defaultsummation interfaces integrated into the database software may not besuitable for performing summations on large or complex data values suchas may be found with respect to homomorphic encryption. As such,specialized homomorphic operations may be performed on homomorphic datainstead of the normal equivalent database operations. In otherembodiments, the HEDO repository may determine that the interfacesintegrated into the database software are suitable for performingcalculations on homomorphically encrypted data. Periodically, the HEDOrepository may re-crypt, truncate, and/or reset the length of a final orinterim homomorphic calculation value in order to maintain the abilityfor the HEDO repository and/or an underlying database implementation tobe able to maintain the values and usable form. Further detail withregard to performing homomorphic calculations, re-crypting, truncating,and/or resetting the length of homomorphic calculation outputs (e.g.,“Homomorphic garbage collection”), may be found with respect to FIG. 5,e.g., an example HOP component 500. In one embodiment, upon thecompletion of the homomorphic calculations on the HEDO repositoryresults set, aggregation, grouping and/or ordering of the return valuesmay be required. These operations may, in one embodiment, be performedon homomorphically encrypted data. As such, facilities such as thosedescribed with respect to homomorphic joins may be employed in order tofacilitate the grouping, ordering, and/or other aggregation of theresults set. In one embodiment, wherein the aggregation column returnedfrom the HEDO repository has been encrypted using a key that is known orobtainable, the HEDO repository may use the key to decrypt andgroup/order on a homomorphically encrypted field, e.g., 316. In oneembodiment, the HEDO repository may return the results, e.g., HEDOresults response 317. An example HEDO results response, substantially inthe form of an HTTP(S) POST message including XML-formatted data, isprovided below:

POST /hedo_results_response.php HTTP/1.1 Host: www.hedoserver.comContent-Type: Application/XML Content-Length: 667 <?XML version = ″1.0″encoding = ″UTF-8″?> <hedo_results_response>  <timestamp>2020-12-1215:23:18</timestamp>  <user_name>HEDO_REPOSITORY_SERVER</user_name> <credentials>   <password>secretpass5678</password>  <private_key>TGDFRRED456#@hnniimidrtsxbi</private_key>  </credentials> <query_results name=″loyalty_comparison″>   <component val=″1″name=″merchant_customer_loyalty″>    <res type=″homomorphic_encrypted″>     {merchant}'s customers are {crypt_loyal_val} loyal    </res>   <val name=″crypt_loyal_val″      decryptable_by=″client_server_only″     HEDO_server_can_decrypt=″false″>     111010001000101111111000001111    0001110111100011010101111101111    </val>   </component>  <component val=″2″ name=″customer_market_loyalty″>    <restype=″cleartext_result″ cmployal=″78%″>      Merchant {merchant}'scustomers are {cmployal}      more loyal to competitors among the groupGap      and Nordstrom    </res>   </component>  </query_results><hedo_results_response>

The HEDO server may perform post-processing of the query results and/orsupplemental aggregation 318. It should be noted that alternativeimplementations of the HEDO may perform homomorphic joining, homomorphicaggregation, homomorphic grouping, and/or the like at any point in thedata path. In so doing, and HEDO may be configured such that more orless computation may be outsourced to a third-party less-trusted serverdepending on varying levels of user risk tolerance. An exampleimplementation wherein HEDO server 310 performs homomorphicaggregation/grouping on a result set returned from HEDO repository 313,written substantially in the form of executable Python code is:

def Query(Parameters):  #Execute HEDO query  SQL_Command =Query1A.format(**Parameters)  Cursor.execute(SQL_Command)  Rows =Cursor.fetchall( )  Results = list( ); MyResults = list( )  for Row inRows:   Risk = Encryption.ASCII_Decrypt(eval(Row[0]),Encryption.p)  Count = Row[1]   Results.append(list([Risk,Count]))  print ′A totalof′,len(Results),′rows were returned.′  # Perform HEDO aggregation inmemory on server  RiskValues = sorted(map(lambda x: x[0], Results)) RiskValues = [k for k,g in itertools.groupby(RiskValues)]  for Risk inRiskValues:   Members = [Item for Item in Results if     Item[0] ==Risk]; Count = 0   for Member in Members:    Count += Member[1]   print′Risk level′,Risk, ′had′,Count, ′rows.′   Count =Encryption.Binary_Encrypt     (Count,Encryption.Lambda,Encryption.p)  MyResults.append     (dict(zip(Query1Fields,list([Risk,Count])))) print

In one embodiment, HEDO server 310 may return the aggregated results toHEDO client 304, e.g., HEDO model query results 319. As discussed above,the HEDO client may perform supplemental client-side HEDO resultprocessing 320. For example, in an HEDO configuration wherein the keysrequired to properly aggregate and/or group result data are unavailableto the HEDO server, the HEDO client may perform the role of aggregatorwhile the HEDO server and/or HEDO repository performs the role ofquerying. Such a configuration may be beneficial in the case where anHEDO client is a trusted server and the HEDO server and/or HEDOrepository are suspect or less-trusted servers. In one embodiment, HEDOclient 304 will return the query results, e.g., model query response 321and the user client device may render the model query output, e.g., 322.

FIGS. 4A-B show an example logic flow illustrating aspects of performinghomomorphic joins, e.g., an example HJ Component, in one implementationof the HEDO operation. In one embodiment, and HEDO query 403 may bereceived from HEDO server 401. The HEDO repository 402, which may itselfbe a server or a database in communication with the HEDO server, mayprocess the HEDO query using a HEDO lexer. A lexical analyzer such asLex and/or other suitable commercial products may be used for thispurpose. In one embodiment, if a query is determined not to spanmultiple tables 405, a signal may be sent to the default database queryexecutor to handle the non-joined query 406. In other embodiments, ifthe query is determined to spend multiple tables, the lex output tokensmay be searched for a joining keyword 407. A joining keyword may be anystandard or nonstandard SQL keyword that designates a joined query.Examples of joining keywords include INNER, OUTER, and/or the like. If ajoining keyword is not found 408, the HEDO repository may in oneembodiment default the query to an INNER JOIN 409. In other embodiments,if a joining keyword is found 408 the type of joining may be determinedbased on the joining keyword token 410. For example, a LEFT join keywordmay instruct the HEDO repository to later select a particularhomomorphic joins strategy based on the joined type. In one embodiment,the tokens may be examined to determine the tables that are joined inthe query 411. Furthermore, the relevant tokens may be further processedor parsed to determine the fields upon which the tables should be joined412. For example, in one embodiment, the text “foo.bar” may signify thatthe “bar” field on table “foo” is to be joined. In one embodiment, theHEDO repository and/or HEDO server may determine if the tables are to bejoined on a homomorphic Lee encrypted value. Homomorphic Lee encryptedfields may have certain characteristics that make JOIN strategiesemployed by open source and commercial database systems ineffective tojoin tables containing homomorphic Lee encrypted values. For example,values that have had homomorphic operations performed upon them may growexponentially in the operations performed. As more and more storage isrequired to encapsulate the record value, joins of homomorphic valuesmay swamp built in joined query executions. Therefore, if the join isnot a homomorphic join 414, the join may be passed to the defaultdatabase query executor such that that query executor may handle thenon-homomorphic join 406. In other embodiments, if the join is ahomomorphic join 414, the HEDO repository 402 may determine ahomomorphic join strategy based on the join column attributes 415. Thejoin column attributes may be attributes that are inherent to the fieldtype of the joined column, such as extremely large variable characterfields or large integer fields used in contexts where smaller storagerequirements would be expected. The join strategy may also be determinedbased on the join column names, comments associated with the joincolumns and stored with the database table, and/or the like. In someembodiments, the homomorphically encrypted field values may have beenencrypted using a deterministic homomorphic strategy. As such, when agiven value such as a consumer's credit card number is deterministicallyhomomorphically encrypted, there can be assurances that futureencryptions of the same value will result in the same ciphertext. Underthis homomorphic join strategy record values for homomorphicallyencrypted data may be directly compared across database tables as theinherent variability and noise associated with various encryptionschemes may have been minimized through the use of a deterministichomomorphic encryption scheme. In one embodiment, if the tables can behomomorphically joined directly on the record values 416, then the joinmay be performed using the appropriate JOIN ON field as though the fieldwere a non-encrypted value 421. In other embodiments, if the tables maynot be homomorphically joined directly on the record values 416, it maybe determined whether the key that was used to homomorphically encryptthe record values is available to the HEDO repository 402, e.g., 417.For example, in one embodiment, the HEDO repository may query an HEDOclient for an encryption key to use in performing the requested join. Inother embodiments, the HEDO repository and/or the HEDO server maydirectly store the required join key or other structure such as agarbled circuit that may be used to perform the join. In one embodiment,the HEDO repository 402 may retrieve the key used to encrypt JOIN ONvalues in each JOIN table 422. The retrieved key may then be used todecrypt the required JOIN ON values 423. In one embodiment, the join maynow be performed using the decrypted JOIN ON values, e.g. 421. In stillother embodiments, if the key that was used to encrypt homomorphicallythe joined record values is not available 417, the HEDO query may beanalyzed to determine if it contains one or more grouping keys 418. Ifno grouping keys are available a non-parsable query exception may begenerated 419 and returned to the HEDO server 401. The HEDO server 401may in turn output a non-parsable query error. In other embodiments, ifthe HEDO query does contain grouping keys 418 the keys may be extractedfrom the HEDO query 421 and a grouping field associated with each columnrequired for the join may be determined 425. Grouping fields may, in oneembodiment, be additional fields that are either added directly to thedatabase table schema or maintained in a hidden table or other structuresuitable for retrieval, such that while the value of the associatedencrypted field may not be available and no information regarding thesimilarity of the unencrypted values may be determined as anondeterministic homomorphic encryption scheme may have been used, thegrouping field may be utilized to enable a database join to becompleted. In some embodiments, the grouping fields may contain valuesthat have been stored as a result of a deterministic encryption scheme.In such embodiments, the penetration or decryption of the encryptedgrouping field values would only compromise the underlying value usedfor grouping or joins. In still other embodiments, the grouping fieldsmay be encrypted using a nondeterministic encryption scheme such thatone or more grouping keys may be required in order to determine theunderlying grouping field value and therefore in order to perform asuccessful join. In one embodiment, if only one grouping keys present426, that grouping key may be assumed to apply to all grouping fieldvalues and as such may be used to decrypt the record values for eachJOIN ON grouping field using the singular key 428. In other embodiments,if more than one grouping keys present 426, the HEDO repository 402 maydetermine whether the plurality of grouping keys may be correlated withrecord ranges in the grouping field that each key correspondinglyencrypts 427. In one embodiment, the plurality of keys may be used todecrypt the grouping field values in total by a applying the decryptionkeys to the various ranges to which they apply 428. In still otherembodiments, if the plurality of grouping keys cannot be definitivelyassociated with the range of grouping field values that they encrypt427, for each key within the plurality of grouping keys the HEDOrepository may decrypt the record values for each JOIN ON grouping fieldusing the cake 429. In one embodiment, the decrypted output values for agiven grouping field value may be examined to determine the value thatis what in the grouping field acceptable value range and that value maythen be used as the decrypted grouping field value 430. In furtherembodiments, upon completion of the decryption, a join may be performedusing the decrypted grouping field values associated with the JOIN ONfield in each table 421.

FIG. 5 shows an example logic flow illustrating aspects of homomorphiccalculations in database space, e.g., an example HOP Component, in oneimplementation of the HEDO operation. In one embodiment, the HEDOrepository 501 may analyze a joined or non-joined query to determinewhich columns or records in the result set require further processing.Further processing may include grouping, aggregation, summation,user-specified function processing, and/or the like 502. In oneembodiment, the processing needs may be used to determine whichunderlying database operations are required to successfully process thequery completely 503. For example, field values may be required to beadded in order to determine a sum value of all records returned.Similarly, result set field values may be required to be comparedagainst each other so as to determine the minimum value within theresult set. However, in some embodiments, the presence ofhomomorphically encrypted data may frustrate the execution of suchdatabase operations. In one embodiment, if the column, record, and/orvalue to be operated upon in the result set is not homomorphicallyencrypted the HEDO repository may invoke the normal underlying databaseoperation on the value 505. In other embodiments, if the value ishomomorphically encrypted 504 the HEDO repository may query ahomomorphic library for a homomorphic operation that may be substitutedfor the database operation. For example, in the case where multiplevalues in a result set must be added in order to determine a finalvalue, the homomorphic library may contain a homomorphically optimizedaddition function to facilitate the adding of homomorphically encryptedvalues 506. In other embodiments, the homomorphic operation is the sameas the default database operation. If a homomorphic operation is notfound, in one embodiment, the default database operation may still beapplied to the data values. In so doing, operations that in their normalusage would work equally well on homomorphically encrypted values may beutilized without modifications for homomorphic encryption. In otherembodiments, if a homomorphic operation is found 507, the homomorphicoperation may be executed on a portion or all of the data values 508. Insome embodiments, the smallest feasible portion of a data value may beused to perform a homomorphic operation. For example, one implementationof a non-homomorphic mean value determination function may sum all ofthe result values and then divide the total by the number of valuesencountered. In a homomorphic version of mean value determination,however, it may be more computationally beneficial to incrementallycalculate the mean as each additional record value is added. In oneembodiment, the required storage attributes for a column or a memorylocation that may hold the resultant value from the homomorphicoperation may be determined 509. If the value resulting from thehomomorphic operation exceeds the required storage attributes 510,homomorphic garbage collection may be performed on the resultant value511. Homomorphic garbage collection may, in some embodiments, be used toshorten or truncate the length of the value produced by a homomorphicoperation. In some embodiments, the garbage collection may take the formof a full decryption followed by a full encryption. In otherembodiments, the garbage collection may take the form of a re-cryptoperation, wherein the actual unencrypted value of the result of thehomomorphic operation is never calculated by the garbage collectionfunction. In one embodiment, if more incremental homomorphic operationprocessing is required 512, the next feasible portion of the data valuemay be homomorphically evaluated along with the previous value, e.g.,508.

FIG. 6 shows an example logic flow illustrating aspects of generatingHEDO packages, e.g., an example GHP Component, in one implementation ofthe HEDO operation. In one embodiment, merchant transaction server 601may transmit a transaction storage request 604 to HEDO client 602. Inone embodiment, the HEDO client may extract values from the transactionstorage request and normalize the data, e.g., 605. Normalizing mayinclude trimming strings, casting values two different data types,querying a data schema table to determine required properties of atransaction storage request value, and/or the like. In one embodiment,the HEDO client may query for a storage schema template 606. The HEDOdatabase 603 may retrieve the template and return an applicable storageschema 607. In one embodiment, the HEDO client may then match the schemametadata values to the normalized data values extracted from thetransaction storage request, e.g., 608. In one embodiment, all of thevalues are marked as unprocessed and the first unprocessed value is thenextracted 609. If the unprocessed value does not need to behomomorphically encrypted 610, the HEDO client may determine whetherthere are more unprocessed values 611. If there are no unprocessedvalues the procedure may exit. If there are unprocessed values the nextunprocessed value may be extracted. If the value under examination doesneed to be homomorphically encrypted 610, the HEDO client may determinewhether a deterministic homomorphic encryption is available 612. If adeterministic homomorphic encryption is available, the value may beencrypted using such a scheme 613. If deterministic homomorphicencryption is not available, the HEDO client may determine whether anondeterministic homomorphic encryption is available 615. If no suchnondeterministic homomorphic encryption is available the client mayreturn a storage encryption error 616. If a nondeterministic homomorphicencryption is available 615, the HEDO client may determine if there is aunitary key used for nondeterministic encryption. If a unitary key isused the HEDO client will load the key 618 and encrypt the values usingthe unitary key 619. If the unitary key is not used for nondeterministichomomorphic encryption 617, the HEDO client may determine if apreviously created grouping key can be used to encrypt the extractedvalues 620. If a previously used grouping key is not available 621, anew grouping key may be created 622. In some embodiments, the groupingkey may be forwarded to an HEDO client database for storage. In otherembodiments, the grouping key may be stored by the HEDO server, the HEDOrepository, the merchant transaction server, and/or the like. In stillother embodiments, the grouping key may be supplemented with metadatasuch as but not limited to, the table, the fields, and/or the range ofvalues that the grouping key encrypts. In so doing, the HEDO may laterutilize the grouping key in performing homomorphic joins, homomorphicaggregation, and/or other homomorphic operations. Once a grouping key isobtained, in some embodiments, the extracted values may be encryptedusing the grouping key 623. If more values are unprocessed 614, theprocedure may repeat, otherwise the procedure may terminate.

FIGS. 7A-G show example user interfaces illustrating aspects of theHEDO, in one implementation of the HEDO operation. In one embodiment,the HEDO user interface 701 a, allows merchants to easily perform usefulqueries against the HEDO database without having access to theunderlying data values. In one embodiment, a merchant may desire todetect fraud, e.g. 701 b, and may define fraud as multiple purchasesmade by the same cardholder at the same merchant type with cards frommultiple issuers. In other embodiments, the merchant may desire tocompare its known customers' transactions to those transactions itscustomers make at the merchants competitors, 701 c. In still otherembodiments, the merchant may desire to know how the risk levelsassociated with its customers compare to those of the customers of itscompetitors, 701 d.

With respect to FIG. 7B, and HEDO user interface, e.g. 702 a, may bepresented for fraud detection. In one embodiment, competitors of themerchant may be displayed 702 b as well as a SQL-like query 702 c thatallows a merchant to specify an issuer for which to determine levels offraud. In other embodiments, other entities such as the issuerthemselves, a consumer and/or the like may utilize the query facilities.In one embodiment, the results of the query are displayed 702 d and showinstances where customers utilize different cards to engage intransactions with merchants of the same type. In still otherembodiments, a table may be displayed containing the customer's lastname, the card number used, as well as the MCC code for the suspectedfraud.

With respect to FIG. 7C, an HEDO user interface 703 a may displayincremental progress as the HEDO server queries the HEDO database. Inone embodiment, the client inputs such as which query to execute, whichissuer to query for, and/or the like, e.g., 703 b, may be displayed. Inother embodiments, differing criterion such as that for a high-endretailer of electronics merchandise may be applied and matching resultsdisplayed 703 c.

With respect to FIG. 7D, the HEDO user interface 704 a, may be utilizedto perform a consumer loyalty comparison for a merchant against othermerchants in a cohort. In one embodiment, competitors of the merchantmay be displayed 704 b, as well as two queries 704 c. In the firstquery, the merchant may desire to determine their own loyalty score. Inone embodiment, in a second query the merchant may desire to determinecustomer loyalty for its customers that shop at the merchant'scompetitors. In such cases, the merchant may not have access to thedirect underlying transaction amount values for the purchases itscustomers make at competing merchants. In one embodiment, customer namesas well as spend amounts with both the merchant and the merchantcompetitors may be displayed 704 d. In some embodiments, a table may beused to compare, by customer, the merchant spend, market spend, totalspend, and/or the like 704 e.

With respect to FIG. 7E, in some embodiments, the HEDO user interface705 a may display a graphical representation that charts consumerloyalty between the merchant and the market as a whole, e.g., 705 b. Themarket in this case being defined as identified competitors of themerchant in question. A relative value of an individual consumer'sloyalty to the merchant and to the merchant's competitors may be shownby dividing an aggregate spend representation into multiple sections,e.g. 705 c.

With respect to FIG. 7F, the HEDO user interface 706 a may be utilizedby a merchant to compare the merchant's customer risk level to thecustomer risk level of its competitors. This comparison may be performedby the HEDO server and database without exposing underlying encrypteddata to the merchant, and while performing operations on storedencrypted data itself. In one embodiment, competitors of the merchantmay be selected 706 b and two queries may be created 706 c. In the firstquery the merchant may desire to learn its risk level. In the secondquery, the risk level associated with the comparison group may beselected and returned. In one embodiment, a merchant may receive alisting of risk levels and the number of its customers at the given risklevel 706 d. In some embodiments, similar summary data regarding risklevels and customer accounts may be displayed for the comparisonmerchant group 706 e. In some embodiments, a table may be used to chartrisk levels of the merchant and the comparison group, e.g., 706 f.

With respect to FIG. 7G, the HEDO user interface 707 a may display agraphical representation comparing risk levels for a merchant andmarket. Percentile values may be graphed for each risk level for boththe merchant and the market, e.g.

HEDO Controller

FIG. 8 shows a block diagram illustrating embodiments of a HEDOcontroller. In this embodiment, the HEDO controller 801 may serve toaggregate, process, store, search, serve, identify, instruct, generate,match, and/or facilitate interactions with a computer through varioustechnologies, and/or other related data.

Typically, users, which may be people and/or other systems, may engageinformation technology systems (e.g., computers) to facilitateinformation processing. In turn, computers employ processors to processinformation; such processors 803 may be referred to as centralprocessing units (CPU). One form of processor is referred to as amicroprocessor. CPUs use communicative circuits to pass binary encodedsignals acting as instructions to enable various operations. Theseinstructions may be operational and/or data instructions containingand/or referencing other instructions and data in various processoraccessible and operable areas of memory 829 (e.g., registers, cachememory, random access memory, etc.). Such communicative instructions maybe stored and/or transmitted in batches (e.g., batches of instructions)as programs and/or data components to facilitate desired operations.These stored instruction codes, e.g., programs, may engage the CPUcircuit components and other motherboard and/or system components toperform desired operations. One type of program is a computer operatingsystem, which, may be executed by CPU on a computer; the operatingsystem enables and facilitates users to access and operate computerinformation technology and resources. Some resources that may beemployed in information technology systems include: input and outputmechanisms through which data may pass into and out of a computer;memory storage into which data may be saved; and processors by whichinformation may be processed. These information technology systems maybe used to collect data for later retrieval, analysis, and manipulation,which may be facilitated through a database program. These informationtechnology systems provide interfaces that allow users to access andoperate various system components.

In one embodiment, the HEDO controller 801 may be connected to and/orcommunicate with entities such as, but not limited to: one or more usersfrom user input devices 811; peripheral devices 812; an optionalcryptographic processor device 828; and/or a communications network 813.

Networks are commonly thought to comprise the interconnection andinteroperation of clients, servers, and intermediary nodes in a graphtopology. It should be noted that the term “server” as used throughoutthis application refers generally to a computer, other device, program,or combination thereof that processes and responds to the requests ofremote users across a communications network. Servers serve theirinformation to requesting “clients.” The term “client” as used hereinrefers generally to a computer, program, other device, user and/orcombination thereof that is capable of processing and making requestsand obtaining and processing any responses from servers across acommunications network. A computer, other device, program, orcombination thereof that facilitates, processes information andrequests, and/or furthers the passage of information from a source userto a destination user is commonly referred to as a “node.” Networks aregenerally thought to facilitate the transfer of information from sourcepoints to destinations. A node specifically tasked with furthering thepassage of information from a source to a destination is commonly calleda “router.” There are many forms of networks such as Local Area Networks(LANs), Pico networks, Wide Area Networks (WANs), Wireless Networks(WLANs), etc. For example, the Internet is generally accepted as beingan interconnection of a multitude of networks whereby remote clients andservers may access and interoperate with one another.

The HEDO controller 801 may be based on computer systems that maycomprise, but are not limited to, components such as: a computersystemization 802 connected to memory 829.

Computer Systemization

A computer systemization 802 may comprise a clock 830, centralprocessing unit (“CPU(s)” and/or “processor(s)” (these terms are usedinterchangeable throughout the disclosure unless noted to the contrary))803, a memory 829 (e.g., a read only memory (ROM) 806, a random accessmemory (RAM) 805, etc.), and/or an interface bus 807, and mostfrequently, although not necessarily, are all interconnected and/orcommunicating through a system bus 804 on one or more (mother)board(s)802 having conductive and/or otherwise transportive circuit pathwaysthrough which instructions (e.g., binary encoded signals) may travel toeffectuate communications, operations, storage, etc. The computersystemization may be connected to a power source 886; e.g., optionallythe power source may be internal. Optionally, a cryptographic processor826 and/or transceivers (e.g., ICs) 874 may be connected to the systembus. In another embodiment, the cryptographic processor and/ortransceivers may be connected as either internal and/or externalperipheral devices 812 via the interface bus I/O. In turn, thetransceivers may be connected to antenna(s) 875, thereby effectuatingwireless transmission and reception of various communication and/orsensor protocols; for example the antenna(s) may connect to: a TexasInstruments WiLink WL1283 transceiver chip (e.g., providing 802.11n,Bluetooth 3.0, FM, global positioning system (GPS) (thereby allowingHEDO controller to determine its location)); Broadcom BCM4329FKUBGtransceiver chip (e.g., providing 802.11n, Bluetooth 2.1+EDR, FM, etc.);a Broadcom BCM4750IUB8 receiver chip (e.g., GPS); an InfineonTechnologies X-Gold 618-PMB9800 (e.g., providing 2G/3G HSDPA/HSUPAcommunications); and/or the like. The system clock typically has acrystal oscillator and generates a base signal through the computersystemization's circuit pathways. The clock is typically coupled to thesystem bus and various clock multipliers that will increase or decreasethe base operating frequency for other components interconnected in thecomputer systemization. The clock and various components in a computersystemization drive signals embodying information throughout the system.Such transmission and reception of instructions embodying informationthroughout a computer systemization may be commonly referred to ascommunications. These communicative instructions may further betransmitted, received, and the cause of return and/or replycommunications beyond the instant computer systemization to:communications networks, input devices, other computer systemizations,peripheral devices, and/or the like. It should be understood that inalternative embodiments, any of the above components may be connecteddirectly to one another, connected to the CPU, and/or organized innumerous variations employed as exemplified by various computer systems.

The CPU comprises at least one high-speed data processor adequate toexecute program components for executing user and/or system-generatedrequests. Often, the processors themselves will incorporate variousspecialized processing units, such as, but not limited to: integratedsystem (bus) controllers, memory management control units, floatingpoint units, and even specialized processing sub-units like graphicsprocessing units, digital signal processing units, and/or the like.Additionally, processors may include internal fast access addressablememory, and be capable of mapping and addressing memory 829 beyond theprocessor itself; internal memory may include, but is not limited to:fast registers, various levels of cache memory (e.g., level 1, 2, 3,etc.), RAM, etc. The processor may access this memory through the use ofa memory address space that is accessible via instruction address, whichthe processor can construct and decode allowing it to access a circuitpath to a specific memory address space having a memory state. The CPUmay be a microprocessor such as: AMD's Athlon, Duron and/or Opteron;ARM's application, embedded and secure processors; IBM and/or Motorola'sDragonBall and PowerPC; IBM's and Sony's Cell processor; Intel'sCeleron, Core (2) Duo, Itanium, Pentium, Xeon, and/or XScale; and/or thelike processor(s). The CPU interacts with memory through instructionpassing through conductive and/or transportive conduits (e.g., (printed)electronic and/or optic circuits) to execute stored instructions (i.e.,program code) according to conventional data processing techniques. Suchinstruction passing facilitates communication within the HEDO controllerand beyond through various interfaces. Should processing requirementsdictate a greater amount speed and/or capacity, distributed processors(e.g., Distributed HEDO), mainframe, multi-core, parallel, and/orsuper-computer architectures may similarly be employed. Alternatively,should deployment requirements dictate greater portability, smallerPersonal Digital Assistants (PDAs) may be employed.

Depending on the particular implementation, features of the HEDO may beachieved by implementing a microcontroller such as CAST's R8051XC2microcontroller; Intel's MCS 51 (i.e., 8051 microcontroller); and/or thelike. Also, to implement certain features of the HEDO, some featureimplementations may rely on embedded components, such as:Application-Specific Integrated Circuit (“ASIC”), Digital SignalProcessing (“DSP”), Field Programmable Gate Array (“FPGA”), and/or thelike embedded technology. For example, any of the HEDO componentcollection (distributed or otherwise) and/or features may be implementedvia the microprocessor and/or via embedded components; e.g., via ASIC,coprocessor, DSP, FPGA, and/or the like. Alternately, someimplementations of the HEDO may be implemented with embedded componentsthat are configured and used to achieve a variety of features or signalprocessing.

Depending on the particular implementation, the embedded components mayinclude software solutions, hardware solutions, and/or some combinationof both hardware/software solutions. For example, HEDO featuresdiscussed herein may be achieved through implementing FPGAs, which are asemiconductor devices containing programmable logic components called“logic blocks”, and programmable interconnects, such as the highperformance FPGA Virtex series and/or the low cost Spartan seriesmanufactured by Xilinx. Logic blocks and interconnects can be programmedby the customer or designer, after the FPGA is manufactured, toimplement any of the HEDO features. A hierarchy of programmableinterconnects allow logic blocks to be interconnected as needed by theHEDO system designer/administrator, somewhat like a one-chipprogrammable breadboard. An FPGA's logic blocks can be programmed toperform the operation of basic logic gates such as AND, and XOR, or morecomplex combinational operators such as decoders or mathematicaloperations. In most FPGAs, the logic blocks also include memoryelements, which may be circuit flip-flops or more complete blocks ofmemory. In some circumstances, the HEDO may be developed on regularFPGAs and then migrated into a fixed version that more resembles ASICimplementations. Alternate or coordinating implementations may migrateHEDO controller features to a final ASIC instead of or in addition toFPGAs. Depending on the implementation all of the aforementionedembedded components and microprocessors may be considered the “CPU”and/or “processor” for the HEDO.

Power Source

The power source 886 may be of any standard form for powering smallelectronic circuit board devices such as the following power cells:alkaline, lithium hydride, lithium ion, lithium polymer, nickel cadmium,solar cells, and/or the like. Other types of AC or DC power sources maybe used as well. In the case of solar cells, in one embodiment, the caseprovides an aperture through which the solar cell may capture photonicenergy. The power cell 886 is connected to at least one of theinterconnected subsequent components of the HEDO thereby providing anelectric current to all subsequent components. In one example, the powersource 886 is connected to the system bus component 804. In analternative embodiment, an outside power source 886 is provided througha connection across the I/O 808 interface. For example, a USB and/orIEEE 1394 connection carries both data and power across the connectionand is therefore a suitable source of power.

Interface Adapters

Interface bus(ses) 807 may accept, connect, and/or communicate to anumber of interface adapters, conventionally although not necessarily inthe form of adapter cards, such as but not limited to: input outputinterfaces (I/O) 808, storage interfaces 809, network interfaces 810,and/or the like. Optionally, cryptographic processor interfaces 827similarly may be connected to the interface bus. The interface busprovides for the communications of interface adapters with one anotheras well as with other components of the computer systemization.Interface adapters are adapted for a compatible interface bus. Interfaceadapters conventionally connect to the interface bus via a slotarchitecture. Conventional slot architectures may be employed, such as,but not limited to: Accelerated Graphics Port (AGP), Card Bus,(Extended) Industry Standard Architecture ((E)ISA), Micro ChannelArchitecture (MCA), NuBus, Peripheral Component Interconnect (Extended)(PCI(X)), PCI Express, Personal Computer Memory Card InternationalAssociation (PCMCIA), and/or the like.

Storage interfaces 809 may accept, communicate, and/or connect to anumber of storage devices such as, but not limited to: storage devices814, removable disc devices, and/or the like. Storage interfaces mayemploy connection protocols such as, but not limited to: (Ultra)(Serial) Advanced Technology Attachment (Packet Interface) ((Ultra)(Serial) ATA(PI)), (Enhanced) Integrated Drive Electronics ((E)IDE),Institute of Electrical and Electronics Engineers (IEEE) 1394, fiberchannel, Small Computer Systems Interface (SCSI), Universal Serial Bus(USB), and/or the like.

Network interfaces 810 may accept, communicate, and/or connect to acommunications network 813. Through a communications network 813, theHEDO controller is accessible through remote clients 833 b (e.g.,computers with web browsers) by users 833 a. Network interfaces mayemploy connection protocols such as, but not limited to: direct connect,Ethernet (thick, thin, twisted pair 10/100/1000 Base T, and/or thelike), Token Ring, wireless connection such as IEEE 802.11a-x, and/orthe like. Should processing requirements dictate a greater amount speedand/or capacity, distributed network controllers (e.g., DistributedHEDO), architectures may similarly be employed to pool, load balance,and/or otherwise increase the communicative bandwidth required by theHEDO controller. A communications network may be any one and/or thecombination of the following: a direct interconnection; the Internet; aLocal Area Network (LAN); a Metropolitan Area Network (MAN); anOperating Missions as Nodes on the Internet (OMNI); a secured customconnection; a Wide Area Network (WAN); a wireless network (e.g.,employing protocols such as, but not limited to a Wireless ApplicationProtocol (WAP), I-mode, and/or the like); and/or the like. A networkinterface may be regarded as a specialized form of an input outputinterface. Further, multiple network interfaces 810 may be used toengage with various communications network types 813. For example,multiple network interfaces may be employed to allow for thecommunication over broadcast, multicast, and/or unicast networks.

Input Output interfaces (I/O) 808 may accept, communicate, and/orconnect to user input devices 811, peripheral devices 812, cryptographicprocessor devices 828, and/or the like. I/O may employ connectionprotocols such as, but not limited to: audio: analog, digital, monaural,RCA, stereo, and/or the like; data: Apple Desktop Bus (ADB), IEEE1394a-b, serial, universal serial bus (USB); infrared; joystick;keyboard; midi; optical; PC AT; PS/2; parallel; radio; video interface:Apple Desktop Connector (ADC), BNC, coaxial, component, composite,digital, Digital Visual Interface (DVI), high-definition multimediainterface (HDMI), RCA, RF antennae, S-Video, VGA, and/or the like;wireless transceivers: 802.11a/b/g/n/x, Bluetooth, cellular (e.g., codedivision multiple access (CDMA), high speed packet access (HSPA(+)),high-speed downlink packet access (HSDPA), global system for mobilecommunications (GSM), long term evolution (LTE), WiMax, etc.); and/orthe like. One typical output device may include a video display, whichtypically comprises a Cathode Ray Tube (CRT) or Liquid Crystal Display(LCD) based monitor with an interface (e.g., DVI circuitry and cable)that accepts signals from a video interface, may be used. The videointerface composites information generated by a computer systemizationand generates video signals based on the composited information in avideo memory frame. Another output device is a television set, whichaccepts signals from a video interface. Typically, the video interfaceprovides the composited video information through a video connectioninterface that accepts a video display interface (e.g., an RCA compositevideo connector accepting an RCA composite video cable; a DVI connectoraccepting a DVI display cable, etc.).

User input devices 811 often are a type of peripheral device 512 (seebelow) and may include: card readers, dongles, finger print readers,gloves, graphics tablets, joysticks, keyboards, microphones, mouse(mice), remote controls, retina readers, touch screens (e.g.,capacitive, resistive, etc.), trackballs, trackpads, sensors (e.g.,accelerometers, ambient light, GPS, gyroscopes, proximity, etc.),styluses, and/or the like.

Peripheral devices 812 may be connected and/or communicate to I/O and/orother facilities of the like such as network interfaces, storageinterfaces, directly to the interface bus, system bus, the CPU, and/orthe like. Peripheral devices may be external, internal and/or part ofthe HEDO controller. Peripheral devices may include: antenna, audiodevices (e.g., line-in, line-out, microphone input, speakers, etc.),cameras (e.g., still, video, webcam, etc.), dongles (e.g., for copyprotection, ensuring secure transactions with a digital signature,and/or the like), external processors (for added capabilities; e.g.,crypto devices 528), force-feedback devices (e.g., vibrating motors),network interfaces, printers, scanners, storage devices, transceivers(e.g., cellular, GPS, etc.), video devices (e.g., goggles, monitors,etc.), video sources, visors, and/or the like. Peripheral devices ofteninclude types of input devices (e.g., cameras).

It should be noted that although user input devices and peripheraldevices may be employed, the HEDO controller may be embodied as anembedded, dedicated, and/or monitor-less (i.e., headless) device,wherein access would be provided over a network interface connection.

Cryptographic units such as, but not limited to, microcontrollers,processors 826, interfaces 827, and/or devices 828 may be attached,and/or communicate with the HEDO controller. A MC68HC16 microcontroller,manufactured by Motorola Inc., may be used for and/or withincryptographic units. The MC68HC16 microcontroller utilizes a 16-bitmultiply-and-accumulate instruction in the 16 MHz configuration andrequires less than one second to perform a 512-bit RSA private keyoperation. Cryptographic units support the authentication ofcommunications from interacting agents, as well as allowing foranonymous transactions. Cryptographic units may also be configured aspart of the CPU. Equivalent microcontrollers and/or processors may alsobe used. Other commercially available specialized cryptographicprocessors include: Broadcom's CryptoNetX and other Security Processors;nCipher's nShield; SafeNet's Luna PCI (e.g., 7100) series; SemaphoreCommunications' 40 MHz Roadrunner 184; Sun's Cryptographic Accelerators(e.g., Accelerator 6000 PCIe Board, Accelerator 500 Daughtercard); ViaNano Processor (e.g., L2100, L2200, U2400) line, which is capable ofperforming 500+ MB/s of cryptographic instructions; VLSI Technology's 33MHz 6868; and/or the like.

Memory

Generally, any mechanization and/or embodiment allowing a processor toaffect the storage and/or retrieval of information is regarded as memory829. However, memory is a fungible technology and resource, thus, anynumber of memory embodiments may be employed in lieu of or in concertwith one another. It is to be understood that the HEDO controller and/ora computer systemization may employ various forms of memory 829. Forexample, a computer systemization may be configured wherein theoperation of on-chip CPU memory (e.g., registers), RAM, ROM, and anyother storage devices are provided by a paper punch tape or paper punchcard mechanism; however, such an embodiment would result in an extremelyslow rate of operation. In a typical configuration, memory 829 willinclude ROM 806, RAM 805, and a storage device 814. A storage device 814may be any conventional computer system storage. Storage devices mayinclude a drum; a (fixed and/or removable) magnetic disk drive; amagneto-optical drive; an optical drive (i.e., Blueray, CDROM/RAM/Recordable (R)/ReWritable (RW), DVD R/RW, HD DVD R/RW etc.); anarray of devices (e.g., Redundant Array of Independent Disks (RAID));solid state memory devices (USB memory, solid state drives (SSD), etc.);other processor-readable storage mediums; and/or other devices of thelike. Thus, a computer systemization generally requires and makes use ofmemory.

Component Collection

The memory 829 may contain a collection of program and/or databasecomponents and/or data such as, but not limited to: operating systemcomponent(s) 815 (operating system); information server component(s) 816(information server); user interface component(s) 817 (user interface);Web browser component(s) 818 (Web browser); database(s) 819; mail servercomponent(s) 821; mail client component(s) 822; cryptographic servercomponent(s) 820 (cryptographic server); the HEDO component(s) 835; HJComponent 841; HOP Component 842; GHP Component 843; and/or the like(i.e., collectively a component collection). These components may bestored and accessed from the storage devices and/or from storage devicesaccessible through an interface bus. Although non-conventional programcomponents such as those in the component collection, typically, arestored in a local storage device 814, they may also be loaded and/orstored in memory such as: peripheral devices, RAM, remote storagefacilities through a communications network, ROM, various forms ofmemory, and/or the like.

Operating System

The operating system component 815 is an executable program componentfacilitating the operation of the HEDO controller. Typically, theoperating system facilitates access of I/O, network interfaces,peripheral devices, storage devices, and/or the like. The operatingsystem may be a highly fault tolerant, scalable, and secure system suchas: Apple Macintosh OS X (Server); AT&T Plan 9; Be OS; Unix andUnix-like system distributions (such as AT&T's UNIX; Berkley SoftwareDistribution (BSD) variations such as FreeBSD, NetBSD, OpenBSD, and/orthe like; Linux distributions such as Red Hat, Ubuntu, and/or the like);and/or the like operating systems. However, more limited and/or lesssecure operating systems also may be employed such as Apple MacintoshOS, IBM OS/2, Microsoft DOS, Microsoft Windows2000/2003/3.1/95/98/CE/Millenium/NT/Vista/XP/Win7 (Server), Palm OS,and/or the like. An operating system may communicate to and/or withother components in a component collection, including itself, and/or thelike. Most frequently, the operating system communicates with otherprogram components, user interfaces, and/or the like. For example, theoperating system may contain, communicate, generate, obtain, and/orprovide program component, system, user, and/or data communications,requests, and/or responses. The operating system, once executed by theCPU, may enable the interaction with communications networks, data, I/O,peripheral devices, program components, memory, user input devices,and/or the like. The operating system may provide communicationsprotocols that allow the HEDO controller to communicate with otherentities through a communications network 813. Various communicationprotocols may be used by the HEDO controller as a subcarrier transportmechanism for interaction, such as, but not limited to: multicast,TCP/IP, UDP, unicast, and/or the like.

Information Server

An information server component 816 is a stored program component thatis executed by a CPU. The information server may be a conventionalInternet information server such as, but not limited to Apache SoftwareFoundation's Apache, Microsoft's Internet Information Server, and/or thelike. The information server may allow for the execution of programcomponents through facilities such as Active Server Page (ASP), ActiveX,(ANSI) (Objective-) C (++), C# and/or .NET, Common Gateway Interface(CGI) scripts, dynamic (D) hypertext markup language (HTML), FLASH,Java, JavaScript, Practical Extraction Report Language (PERL), HypertextPre-Processor (PHP), pipes, Python, wireless application protocol (WAP),WebObjects, and/or the like. The information server may support securecommunications protocols such as, but not limited to, File TransferProtocol (FTP); HyperText Transfer Protocol (HTTP); Secure HypertextTransfer Protocol (HTTPS), Secure Socket Layer (SSL), messagingprotocols (e.g., America Online (AOL) Instant Messenger (AIM),Application Exchange (APEX), ICQ, Internet Relay Chat (IRC), MicrosoftNetwork (MSN) Messenger Service, Presence and Instant Messaging Protocol(PRIM), Internet Engineering Task Force's (IETF's) Session InitiationProtocol (SIP), SIP for Instant Messaging and Presence LeveragingExtensions (SIMPLE), open XML-based Extensible Messaging and PresenceProtocol (XMPP) (i.e., Jabber or Open Mobile Alliance's (OMA's) InstantMessaging and Presence Service (IMPS)), Yahoo! Instant MessengerService, and/or the like. The information server provides results in theform of Web pages to Web browsers, and allows for the manipulatedgeneration of the Web pages through interaction with other programcomponents. After a Domain Name System (DNS) resolution portion of anHTTP request is resolved to a particular information server, theinformation server resolves requests for information at specifiedlocations on the HEDO controller based on the remainder of the HTTPrequest. For example, a request such ashttp://123.124.125.126/myInformation.html might have the IP portion ofthe request “123.124.125.126” resolved by a DNS server to an informationserver at that IP address; that information server might in turn furtherparse the http request for the “/myInformation.html” portion of therequest and resolve it to a location in memory containing theinformation “myInformation.html.” Additionally, other informationserving protocols may be employed across various ports, e.g., FTPcommunications across port 21, and/or the like. An information servermay communicate to and/or with other components in a componentcollection, including itself, and/or facilities of the like. Mostfrequently, the information server communicates with the HEDO database819, operating systems, other program components, user interfaces, Webbrowsers, and/or the like.

Access to the HEDO database may be achieved through a number of databasebridge mechanisms such as through scripting languages as enumeratedbelow (e.g., CGI) and through inter-application communication channelsas enumerated below (e.g., CORBA, WebObjects, etc.). Any data requeststhrough a Web browser are parsed through the bridge mechanism intoappropriate grammars as required by the HEDO. In one embodiment, theinformation server would provide a Web form accessible by a Web browser.Entries made into supplied fields in the Web form are tagged as havingbeen entered into the particular fields, and parsed as such. The enteredterms are then passed along with the field tags, which act to instructthe parser to generate queries directed to appropriate tables and/orfields. In one embodiment, the parser may generate queries in standardSQL by instantiating a search string with the proper join/selectcommands based on the tagged text entries, wherein the resulting commandis provided over the bridge mechanism to the HEDO as a query. Upongenerating query results from the query, the results are passed over thebridge mechanism, and may be parsed for formatting and generation of anew results Web page by the bridge mechanism. Such a new results Webpage is then provided to the information server, which may supply it tothe requesting Web browser.

Also, an information server may contain, communicate, generate, obtain,and/or provide program component, system, user, and/or datacommunications, requests, and/or responses.

User Interface

Computer interfaces in some respects are similar to automobile operationinterfaces. Automobile operation interface elements such as steeringwheels, gearshifts, and speedometers facilitate the access, operation,and display of automobile resources, and status. Computer interactioninterface elements such as check boxes, cursors, menus, scrollers, andwindows (collectively and commonly referred to as widgets) similarlyfacilitate the access, capabilities, operation, and display of data andcomputer hardware and operating system resources, and status. Operationinterfaces are commonly called user interfaces. Graphical userinterfaces (GUIs) such as the Apple Macintosh Operating System's Aqua,IBM's OS/2, Microsoft's Windows2000/2003/3.1/95/98/CE/Millenium/NT/XP/Vista/7 (i.e., Aero), Unix'sX-Windows (e.g., which may include additional Unix graphic interfacelibraries and layers such as K Desktop Environment (KDE), mythTV and GNUNetwork Object Model Environment (GNOME)), web interface libraries(e.g., ActiveX, AJAX, (D)HTML, FLASH, Java, JavaScript, etc. interfacelibraries such as, but not limited to, Dojo, jQuery UI, MooTools,Prototype, script.aculo.us, SWFObject, Yahoo! User Interface, any ofwhich may be used and provide a baseline and means of accessing anddisplaying information graphically to users.

A user interface component 817 is a stored program component that isexecuted by a CPU. The user interface may be a conventional graphic userinterface as provided by, with, and/or atop operating systems and/oroperating environments such as already discussed. The user interface mayallow for the display, execution, interaction, manipulation, and/oroperation of program components and/or system facilities through textualand/or graphical facilities. The user interface provides a facilitythrough which users may affect, interact, and/or operate a computersystem. A user interface may communicate to and/or with other componentsin a component collection, including itself, and/or facilities of thelike. Most frequently, the user interface communicates with operatingsystems, other program components, and/or the like. The user interfacemay contain, communicate, generate, obtain, and/or provide programcomponent, system, user, and/or data communications, requests, and/orresponses.

Web Browser

A Web browser component 818 is a stored program component that isexecuted by a CPU. The Web browser may be a conventional hypertextviewing application such as Microsoft Internet Explorer or NetscapeNavigator. Secure Web browsing may be supplied with 128 bit (or greater)encryption by way of HTTPS, SSL, and/or the like. Web browsers allowingfor the execution of program components through facilities such asActiveX, AJAX, (D)HTML, FLASH, Java, JavaScript, web browser plug-inAPIs (e.g., Firefox, Safari Plug-in, and/or the like APIs), and/or thelike. Web browsers and like information access tools may be integratedinto PDAs, cellular telephones, and/or other mobile devices. A Webbrowser may communicate to and/or with other components in a componentcollection, including itself, and/or facilities of the like. Mostfrequently, the Web browser communicates with information servers,operating systems, integrated program components (e.g., plug-ins),and/or the like; e.g., it may contain, communicate, generate, obtain,and/or provide program component, system, user, and/or datacommunications, requests, and/or responses. Also, in place of a Webbrowser and information server, a combined application may be developedto perform similar operations of both. The combined application wouldsimilarly affect the obtaining and the provision of information tousers, user agents, and/or the like from the HEDO enabled nodes. Thecombined application may be nugatory on systems employing standard Webbrowsers.

Mail Server

A mail server component 821 is a stored program component that isexecuted by a CPU 803. The mail server may be a conventional Internetmail server such as, but not limited to sendmail, Microsoft Exchange,and/or the like. The mail server may allow for the execution of programcomponents through facilities such as ASP, ActiveX, (ANSI) (Objective-)C (++), C# and/or .NET, CGI scripts, Java, JavaScript, PERL, PHP, pipes,Python, WebObjects, and/or the like. The mail server may supportcommunications protocols such as, but not limited to: Internet messageaccess protocol (IMAP), Messaging Application Programming Interface(MAPI)/Microsoft Exchange, post office protocol (POPS), simple mailtransfer protocol (SMTP), and/or the like. The mail server can route,forward, and process incoming and outgoing mail messages that have beensent, relayed and/or otherwise traversing through and/or to the HEDO.

Access to the HEDO mail may be achieved through a number of APIs offeredby the individual Web server components and/or the operating system.

Also, a mail server may contain, communicate, generate, obtain, and/orprovide program component, system, user, and/or data communications,requests, information, and/or responses.

Mail Client

A mail client component 822 is a stored program component that isexecuted by a CPU 803. The mail client may be a conventional mailviewing application such as Apple Mail, Microsoft Entourage, MicrosoftOutlook, Microsoft Outlook Express, Mozilla, Thunderbird, and/or thelike. Mail clients may support a number of transfer protocols, such as:IMAP, Microsoft Exchange, POPS, SMTP, and/or the like. A mail client maycommunicate to and/or with other components in a component collection,including itself, and/or facilities of the like. Most frequently, themail client communicates with mail servers, operating systems, othermail clients, and/or the like; e.g., it may contain, communicate,generate, obtain, and/or provide program component, system, user, and/ordata communications, requests, information, and/or responses. Generally,the mail client provides a facility to compose and transmit electronicmail messages.

Cryptographic Server

A cryptographic server component 820 is a stored program component thatis executed by a CPU 803, cryptographic processor 826, cryptographicprocessor interface 827, cryptographic processor device 828, and/or thelike. Cryptographic processor interfaces will allow for expedition ofencryption and/or decryption requests by the cryptographic component;however, the cryptographic component, alternatively, may run on aconventional CPU. The cryptographic component allows for the encryptionand/or decryption of provided data. The cryptographic component allowsfor both symmetric and asymmetric (e.g., Pretty Good Protection (PGP))encryption and/or decryption. The cryptographic component may employcryptographic techniques such as, but not limited to: digitalcertificates (e.g., X.509 authentication framework), digital signatures,dual signatures, enveloping, password access protection, public keymanagement, and/or the like. The cryptographic component will facilitatenumerous (encryption and/or decryption) security protocols such as, butnot limited to: checksum, Data Encryption Standard (DES), EllipticalCurve Encryption (ECC), International Data Encryption Algorithm (IDEA),Message Digest5 (MD5, which is a one way hash operation), passwords,Rivest Cipher (RC5), Rijndael, RSA (which is an Internet encryption andauthentication system that uses an algorithm developed in 1977 by RonRivest, Adi Shamir, and Leonard Adleman), Secure Hash Algorithm (SHA),Secure Socket Layer (SSL), Secure Hypertext Transfer Protocol (HTTPS),and/or the like. Employing such encryption security protocols, the HEDOmay encrypt all incoming and/or outgoing communications and may serve asnode within a virtual private network (VPN) with a wider communicationsnetwork. The cryptographic component facilitates the process of“security authorization” whereby access to a resource is inhibited by asecurity protocol wherein the cryptographic component effects authorizedaccess to the secured resource. In addition, the cryptographic componentmay provide unique identifiers of content, e.g., employing and MD5 hashto obtain a unique signature for an digital audio file. A cryptographiccomponent may communicate to and/or with other components in a componentcollection, including itself, and/or facilities of the like. Thecryptographic component supports encryption schemes allowing for thesecure transmission of information across a communications network toenable the HEDO component to engage in secure transactions if sodesired. The cryptographic component facilitates the secure accessing ofresources on the HEDO and facilitates the access of secured resources onremote systems; i.e., it may act as a client and/or server of securedresources. Most frequently, the cryptographic component communicateswith information servers, operating systems, other program components,and/or the like. The cryptographic component may contain, communicate,generate, obtain, and/or provide program component, system, user, and/ordata communications, requests, and/or responses.

The HEDO Database

The HEDO database component 819 may be embodied in a database and itsstored data. The database is a stored program component, which isexecuted by the CPU; the stored program component portion configuringthe CPU to process the stored data. The database may be a conventional,fault tolerant, relational, scalable, secure database such as Oracle orSybase. Relational databases are an extension of a flat file. Relationaldatabases consist of a series of related tables. The tables areinterconnected via a key field. Use of the key field allows thecombination of the tables by indexing against the key field; i.e., thekey fields act as dimensional pivot points for combining informationfrom various tables. Relationships generally identify links maintainedbetween tables by matching primary keys. Primary keys represent fieldsthat uniquely identify the rows of a table in a relational database.More precisely, they uniquely identify rows of a table on the “one” sideof a one-to-many relationship.

Alternatively, the HEDO database may be implemented using variousstandard data-structures, such as an array, hash, (linked) list, struct,structured text file (e.g., XML), table, and/or the like. Suchdata-structures may be stored in memory and/or in (structured) files. Inanother alternative, an object-oriented database may be used, such asFrontier, ObjectStore, Poet, Zope, and/or the like. Object databases caninclude a number of object collections that are grouped and/or linkedtogether by common attributes; they may be related to other objectcollections by some common attributes. Object-oriented databases performsimilarly to relational databases with the exception that objects arenot just pieces of data but may have other types of capabilitiesencapsulated within a given object. If the HEDO database is implementedas a data-structure, the use of the HEDO database 819 may be integratedinto another component such as the HEDO component 835. Also, thedatabase may be implemented as a mix of data structures, objects, andrelational structures. Databases may be consolidated and/or distributedin countless variations through standard data processing techniques.Portions of databases, e.g., tables, may be exported and/or imported andthus decentralized and/or integrated.

In one embodiment, the database component 819 includes several tables819 a-m. A Users table 819 a may include fields such as, but not limitedto: user_id, ssn, dob, first_name, last_name, age, state,address_firstline, address_secondline, zipcode, devices_list,contact_info, contact_type, alt_contact_info, alt_contact_type, and/orthe like. The Users table may support and/or track multiple entityaccounts on a HEDO. A Clients table 819 b may include fields such as,but not limited to: client_id, client_name, client_ip, client_type,client_model, operating_system, os_version, app_installed_flag, and/orthe like. An Apps table 819 c may include fields such as, but notlimited to: app_id, app_name, app_type, os_compatibilities_list,version, timestamp, developer_id, and/or the like. A Merchants table 819d may include fields such as, but not limited to: merchant_id,merchant_name, merchant_address, ip_address, mac_address, auth_key,port_num, security_settings_list, and/or the like. An Issuers table 819e may include fields such as, but not limited to: issuer_id,issuer_name, issuer_address, ip_address, mac_address, auth_key,port_num, security_settings_list, and/or the like. An Acquirers table819 f may include fields such as, but not limited to: acquirer_id,acquirer_name, acquirer_gateway_id, issuer_aquirer_flag,institution_name, and/or the like. An Accounts table 819 g may includefields such as, but not limited to: account_id, account_firstname,account_lastname, account_type, account_num, account_balance_list,billingaddress_line1, billingaddress_line2, billing_zipcode,billing_state, shipping_preferences, shippingaddress_line1,shippingaddress_line2, shipping_zipcode, shipping_state, and/or thelike. A Transactions table 819 h may include fields such as, but notlimited to: transaction_id, user_id, timestamp, transaction_cost,purchase_details_list, num_products, products_list, product_type,product_params_list, product_title, product_summary, quantity,account_firstname, account_lastname, account_type, account_num,billingaddress_line1, billingaddress_line2, billing_zipcode,billing_state, shipping_preferences, shippingaddress_line1,shippingaddress_line2, shipping_zipcode, shipping_state, merchant_id,merchant_name, merchant_auth_key, and/or the like. An Encryption table819 i may include fields such as, but not limited to: encryption_id,encryption_scheme, encryption_method, salt_value, key_ids, and/or thelike. A Models table 819 j may include fields such as, but not limitedto: model_id, model_name, user_id, issuer_id, merchant_id,model_description, model_commands, and/or the like. A Keys table 819 kmay include fields such as, but not limited to: key_id,key_decrypts_record_pointer, generated_date, owned_by_id, user_id,acquirer_id, merchant_id, server_identifier, key_expiration, and/or thelike. A Grouping Keys table 819 l may include fields such as, but notlimited to: grouping_key_id, sub_key_of_key_id, key_id, description,server_identifier, table_id, table_names, table_grouping_fields,table_grouping_rangees, and/or the like. A Table Schemas table 819 m mayinclude fields such as, but not limited to: table_schema_id,server_identifier, table_names, table_structure, grouping_method,table_encrypted_values, table_encrypted_value_methods, and/or the like.

In one embodiment, the HEDO database may interact with other databasesystems. For example, employing a distributed database system, queriesand data access by search HEDO component may treat the combination ofthe HEDO database, an integrated data security layer database as asingle database entity.

In one embodiment, user programs may contain various user interfaceprimitives, which may serve to update the HEDO. Also, various accountsmay require custom database tables depending upon the environments andthe types of clients the HEDO may need to serve. It should be noted thatany unique fields may be designated as a key field throughout. In analternative embodiment, these tables have been decentralized into theirown databases and their respective database controllers (i.e.,individual database controllers for each of the above tables). Employingstandard data processing techniques, one may further distribute thedatabases over several computer systemizations and/or storage devices.Similarly, configurations of the decentralized database controllers maybe varied by consolidating and/or distributing the various databasecomponents 819 a-m. The HEDO may be configured to keep track of varioussettings, inputs, and parameters via database controllers.

The HEDO database may communicate to and/or with other components in acomponent collection, including itself, and/or facilities of the like.Most frequently, the HEDO database communicates with the HEDO component,other program components, and/or the like. The database may contain,retain, and provide information regarding other nodes and data.

The HEDOs

The HEDO component 835 is a stored program component that is executed bya CPU. In one embodiment, the HEDO component incorporates any and/or allcombinations of the aspects of the HEDO that was discussed in theprevious figures. As such, the HEDO affects accessing, obtaining and theprovision of information, services, transactions, and/or the like acrossvarious communications networks. The features and embodiments of theHEDO discussed herein increase network efficiency by reducing datatransfer requirements the use of more efficient data structures andmechanisms for their transfer and storage. As a consequence, more datamay be transferred in less time, and latencies with regard totransactions, are also reduced. In many cases, such reduction instorage, transfer time, bandwidth requirements, latencies, etc., willreduce the capacity and structural infrastructure requirements tosupport the HEDO's features and facilities, and in many cases reduce thecosts, energy consumption/requirements, and extend the life of HEDO'sunderlying infrastructure; this has the added benefit of making the HEDOmore reliable. Similarly, many of the features and mechanisms aredesigned to be easier for users to use and access, thereby broadeningthe audience that may enjoy/employ and exploit the feature sets of theHEDO; such ease of use also helps to increase the reliability of theHEDO. In addition, the feature sets include heightened security as notedvia the Cryptographic components 820, 826, 828 and throughout, makingaccess to the features and data more reliable and secure.

The HEDO component may transform transaction storage requests and modelquery requests, and/or the like and use the HEDO. In one embodiment, theHEDO component 835 takes inputs (e.g., transaction storage request 203a, 203 b, HEDO package storage request 208, homomorphic insertion 212,model query request 303, request grouping keys 306, HEDO model queryrequest 309, HEDO query 312 and/or the like) etc., and transforms theinputs via various components (e.g., HJ Component 841; HOP Component842; GHP Component 843, and/or the like), into outputs (e.g., HEDOresults response 317, HEDO model query results 319, receive groupingkeys 308, model query response 321, render model query output 322,and/or the like).

The HEDO component enabling access of information between nodes may bedeveloped by employing standard development tools and languages such as,but not limited to: Apache components, Assembly, ActiveX, binaryexecutables, (ANSI) (Objective-) C (++), C# and/or .NET, databaseadapters, CGI scripts, Java, JavaScript, mapping tools, procedural andobject oriented development tools, PERL, PHP, Python, shell scripts, SQLcommands, web application server extensions, web developmentenvironments and libraries (e.g., Microsoft's ActiveX; Adobe AIR, FLEX &FLASH; AJAX; (D)HTML; Dojo, Java; JavaScript; jQuery(UI); MooTools;Prototype; script.aculo.us; Simple Object Access Protocol (SOAP);SWFObject; Yahoo! User Interface; and/or the like), WebObjects, and/orthe like. In one embodiment, the HEDO server employs a cryptographicserver to encrypt and decrypt communications. The HEDO component maycommunicate to and/or with other components in a component collection,including itself, and/or facilities of the like. Most frequently, theHEDO component communicates with the HEDO database, operating systems,other program components, and/or the like. The HEDO may contain,communicate, generate, obtain, and/or provide program component, system,user, and/or data communications, requests, and/or responses.

Distributed HEDOs

The structure and/or operation of any of the HEDO node controllercomponents may be combined, consolidated, and/or distributed in anynumber of ways to facilitate development and/or deployment. Similarly,the component collection may be combined in any number of ways tofacilitate deployment and/or development. To accomplish this, one mayintegrate the components into a common code base or in a facility thatcan dynamically load the components on demand in an integrated fashion.

The component collection may be consolidated and/or distributed incountless variations through standard data processing and/or developmenttechniques. Multiple instances of any one of the program components inthe program component collection may be instantiated on a single node,and/or across numerous nodes to improve performance throughload-balancing and/or data-processing techniques. Furthermore, singleinstances may also be distributed across multiple controllers and/orstorage devices; e.g., databases. All program component instances andcontrollers working in concert may do so through standard dataprocessing communication techniques.

The configuration of the HEDO controller will depend on the context ofsystem deployment. Factors such as, but not limited to, the budget,capacity, location, and/or use of the underlying hardware resources mayaffect deployment requirements and configuration. Regardless of if theconfiguration results in more consolidated and/or integrated programcomponents, results in a more distributed series of program components,and/or results in some combination between a consolidated anddistributed configuration, data may be communicated, obtained, and/orprovided. Instances of components consolidated into a common code basefrom the program component collection may communicate, obtain, and/orprovide data. This may be accomplished through intra-application dataprocessing communication techniques such as, but not limited to: datareferencing (e.g., pointers), internal messaging, object instancevariable communication, shared memory space, variable passing, and/orthe like.

If component collection components are discrete, separate, and/orexternal to one another, then communicating, obtaining, and/or providingdata with and/or to other component components may be accomplishedthrough inter-application data processing communication techniques suchas, but not limited to: Application Program Interfaces (API) informationpassage; (distributed) Component Object Model ((D)COM), (Distributed)Object Linking and Embedding ((D)OLE), and/or the like), Common ObjectRequest Broker Architecture (CORBA), Jini local and remote applicationprogram interfaces, JavaScript Object Notation (JSON), Remote MethodInvocation (RMI), SOAP, process pipes, shared files, and/or the like.Messages sent between discrete component components forinter-application communication or within memory spaces of a singularcomponent for intra-application communication may be facilitated throughthe creation and parsing of a grammar. A grammar may be developed byusing development tools such as lex, yacc, XML, and/or the like, whichallow for grammar generation and parsing capabilities, which in turn mayform the basis of communication messages within and between components.

For example, a grammar may be arranged to recognize the tokens of anHTTP post command, e.g.:

-   -   w3c-post http:// . . . Value1

where Value1 is discerned as being a parameter because “http://” is partof the grammar syntax, and what follows is considered part of the postvalue. Similarly, with such a grammar, a variable “Value1” may beinserted into an “http://” post command and then sent. The grammarsyntax itself may be presented as structured data that is interpretedand/or otherwise used to generate the parsing mechanism (e.g., a syntaxdescription text file as processed by lex, yacc, etc.). Also, once theparsing mechanism is generated and/or instantiated, it itself mayprocess and/or parse structured data such as, but not limited to:character (e.g., tab) delineated text, HTML, structured text streams,XML, and/or the like structured data. In another embodiment,inter-application data processing protocols themselves may haveintegrated and/or readily available parsers (e.g., JSON, SOAP, and/orlike parsers) that may be employed to parse (e.g., communications) data.Further, the parsing grammar may be used beyond message parsing, but mayalso be used to parse: databases, data collections, data stores,structured data, and/or the like. Again, the desired configuration willdepend upon the context, environment, and requirements of systemdeployment.

For example, in some implementations, the HEDO controller may beexecuting a PHP script implementing a Secure Sockets Layer (“SSL”)socket server via the information server, which listens to incomingcommunications on a server port to which a client may send data, e.g.,data encoded in JSON format. Upon identifying an incoming communication,the PHP script may read the incoming message from the client device,parse the received JSON-encoded text data to extract information fromthe JSON-encoded text data into PHP script variables, and store the data(e.g., client identifying information, etc.) and/or extractedinformation in a relational database accessible using the StructuredQuery Language (“SQL”). An exemplary listing, written substantially inthe form of PHP/SQL commands, to accept JSON-encoded input data from aclient device via a SSL connection, parse the data to extract variables,and store the data to a database, is provided below:

<?PHP header(′Content-Type: text/plain′); //set ip address and port tolisten to for incoming data $address = ′192.168.0.100′; $port = 255;//create a server-side SSL socket, listen //for/accept incomingcommunication $sock = socket_create(AF_INET, SOCK_STREAM, 0);socket_bind($sock, $address, $port)  or die(′Could not bind toaddress′); socket_listen($sock); $client = socket_accept($sock); //readinput data from client device in 1024 byte //blocks until end of messagedo {   $input = ″″;   $input = socket_read($client, 1024);   $data .=$input; } while($input != ″″); // parse data to extract variables $obj =json_decode($data, true); // store input data in a databasemysql_connect(″10.1.1.1″,$srvr,$pass); // access database servermysql_select(″CLIENT_DB.SQL″); // select database to appendmysql_query(″INSERT INTO UserTable (transmission) VALUES ($data)″); //add data to UserTable table in a CLIENT databasemysql_close(″CLIENT_DB.SQL″); // close connection to database ?>

Also, the following resources may be used to provide example embodimentsregarding SOAP parser implementation:

-   -   http://www.xay.com/perl/site/lib/SOAP/Parser.html    -   http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?        topic=/com.ibm.IBMDI.doc/referenceguide295.htm

and other parser implementations:

-   -   http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?        topic=/com.ibm.IBMDI.doc/referenceguide259.htm

all of which are hereby expressly incorporated by reference.

In order to address various issues and advance the art, the entirety ofthis application for HEDO (including the Cover Page, Title, Headings,Field, Background, Summary, Brief Description of the Drawings, DetailedDescription, Claims, Abstract, Figures, Appendices, and otherwise)shows, by way of illustration, various embodiments in which the claimedinnovations may be practiced. The advantages and features of theapplication are of a representative sample of embodiments only, and arenot exhaustive and/or exclusive. They are presented only to assist inunderstanding and teach the claimed principles. It should be understoodthat they are not representative of all claimed innovations. As such,certain aspects of the disclosure have not been discussed herein. Thatalternate embodiments may not have been presented for a specific portionof the innovations or that further undescribed alternate embodiments maybe available for a portion is not to be considered a disclaimer of thosealternate embodiments. It will be appreciated that many of thoseundescribed embodiments incorporate the same principles of theinnovations and others are equivalent. Thus, it is to be understood thatother embodiments may be utilized and functional, logical, operational,organizational, structural and/or topological modifications may be madewithout departing from the scope and/or spirit of the disclosure. Assuch, all examples and/or embodiments are deemed to be non-limitingthroughout this disclosure. Also, no inference should be drawn regardingthose embodiments discussed herein relative to those not discussedherein other than it is as such for purposes of reducing space andrepetition. For instance, it is to be understood that the logical and/ortopological structure of any combination of any program components (acomponent collection), other components and/or any present feature setsas described in the figures and/or throughout are not limited to a fixedoperating order and/or arrangement, but rather, any disclosed order isexemplary and all equivalents, regardless of order, are contemplated bythe disclosure. Furthermore, it is to be understood that such featuresare not limited to serial execution, but rather, any number of threads,processes, services, servers, and/or the like that may executeasynchronously, concurrently, in parallel, simultaneously,synchronously, and/or the like are contemplated by the disclosure. Assuch, some of these features may be mutually contradictory, in that theycannot be simultaneously present in a single embodiment. Similarly, somefeatures are applicable to one aspect of the innovations, andinapplicable to others. In addition, the disclosure includes otherinnovations not presently claimed. Applicant reserves all rights inthose presently unclaimed innovations including the right to claim suchinnovations, file additional applications, continuations, continuationsin part, divisions, and/or the like thereof. As such, it should beunderstood that advantages, embodiments, examples, functional, features,logical, operational, organizational, structural, topological, and/orother aspects of the disclosure are not to be considered limitations onthe disclosure as defined by the claims or limitations on equivalents tothe claims. It is to be understood that, depending on the particularneeds and/or characteristics of a HEDO individual and/or enterpriseuser, database configuration and/or relational model, data type, datatransmission and/or network framework, syntax structure, and/or thelike, various embodiments of the HEDO, may be implemented that enable agreat deal of flexibility and customization. For example, aspects of theHEDO may be adapted for restaurant dining, online shopping,brick-and-mortar shopping, secured information processing, and/or thelike. While various embodiments and discussions of the HEDO have beendirected to electronic purchase transactions, however, it is to beunderstood that the embodiments described herein may be readilyconfigured and/or customized for a wide variety of other applicationsand/or implementations.

As additional examples of the wide scope of the systems and methodsdisclosed herein, the following example illustrates a fraud scenario. Inthis example, multiple purchases were made by the same cardholder at thesame merchant type (MCC) with cards for multiple issuers. Merchant typeswere either gasoline/service stations or high-end electronics. Ticketvalue was $1500 plus for high-end electronics and $200 plus forgasoline. FIG. 9 shows an example of targeting fraud using HEDOoperations. At step 902, the issuing bank is identified by datacollected by Visa. The system retrieves all Visa cards (PANs) issued bythe issuing bank at step 904. At step 906, the cardholder is identifiedfor each PAN, and all Visa cards held by each cardholder is identifiedat step 908. Step 910 examines transactions made by all Visa cards heldby each cardholder to find fraudulent activity. For suspected fraudulenttransactions, step 912 reports issuer surname, PAN, and MCC for furtherinvestigation. At step 914, Visa sends similar reports to all otherimpacted issuers. FIG. 10 depicts a sample representation involving aVisa credit card 1002 and a Visa debit card 1004 that are being handledby merchants. An alert symbol is provided for any identified issues.

It should be understood that different or additional embodiments can beconsidered in such examples. For example, in one embodiment, the systemsand methods may use live data including timestamps to add anotherdimension of analysis. As another example, multi-party agreements mayenable account-level analysis, rather than only at the PAN or surnamelevel.

Other embodiments include multiple public/private keys being requiredand/or multiple encryption schemes being used. Software/hardwareoptimizations can also be used with fully homomorphic encryption. Inanother embodiment, multi-party relationships can be used to harness thebenefits of aggregate data. Still further, the systems and methodsdisclosed herein can run on modeled data, not live data. In anotherembodiment, the model strives to encapsulate reality and contains keydomain knowledge. Additionally, if fully homomorphic encryption takes anexcessively long time to compute, then somewhat homomorphic encryptioncan be used as described in Appendix A of the following application:United States provisional patent application Ser. No. 61/861,368, filedAug. 1, 2013, attorney docket no. 532US01, entitled “HomomorphicDatabase Operations Apparatuses, Methods and Systems,” which isexpressly incorporated herein by reference.

As another example, HEDO operations can also be used with customeracquisition. In one scenario, the merchant may be looking for consumerswho match its customer demographics by querying transactions made byrelated merchants. As an example, FIG. 11 illustrates at 1102 analysisinvolving “Tiffany” offering a new sterling silver tag that it wishes tomarket to frequent purchasers of coach and/or Louis Vuitton handbags.The analysis using HEDO operations identifies such customers at region1104. This can optimize the merchant's marketing dollars by developingprecise marketing campaigns to reach new customers who are in themerchant's exact target market. Product-level data can also beincorporated in the analysis. Because of such operations, Visa canprovide the conduit for the offer without revealing private customerinformation. Also, targeted customers could opt-in to the Visa offersprogram.

Other embodiments involving HEDO operations can include (Dis-)Loyaltyscenarios. As an illustration, a merchant can compare its customers'transactions with those made at its competitors. Analysis involving HEDOoperations can assess which customers are the most valuable to thetarget with marketing campaigns to convert to higher transactions versusloyal customers to the company or to its competitors. Reports based uponsuch analysis can be generated including the graphical report andcomparison shown in FIG. 12 at 1202. In one embodiment, information maybe made more useful with product-level data rather than with only ticketvalues. Additionally, implementations using live data could includetimestamps and geo-location to further assist in precise targeting.

1-16. (canceled)
 17. An encrypted table value homomorphically joiningapparatus, comprising: a memory; and a processor disposed incommunication with said memory, and configured to issue a plurality ofprocessing instructions stored in the memory, wherein the processorissues instructions to: receive a model query for processing, whereinthe model query requires data values from more than one table in a datarepository; based on the model query, determine a join type to perform,a plurality of tables to be joined, and a plurality of fields on whichto join the plurality of tables; determine that the plurality of fieldson which to join includes at least one field that containshomomorphically encrypted data; determine a homomorphic join strategy;perform a homomorphic join using the plurality of fields; and providethe resultant homomorphically joined tables, wherein the homomorphicjoin strategy is directly comparing values in two homomorphicallyencrypted fields when it is determined that the fields have both beenencrypted using a common deterministic encryption scheme.
 18. Theapparatus of claim 17, wherein the processor further issues instructionsto: analyze the resultant joined tables to determine that at least onerecord in the resultant joined tables requires further processing; anddetermine that the at least one record in the resultant joined tablescontains homomorphically encrypted data.
 19. The apparatus of claim 18,wherein the processor further issues instructions to perform ahomomorphically optimized addition function to add the homomorphicallyencrypted data values contained in the at least one record.
 20. Theapparatus of claim 17, wherein the homomorphic join strategy is using akey common to all values in at least one of the plurality of fields todecrypt the plurality of homomorphically encrypted values in a field.21. The apparatus of claim 17, wherein when the homomorphic joinstrategy is to utilize grouping keys, additionally comprisinginstructions to: receive a plurality of grouping keys; determine a rangeof fields values that each grouping key may be used to decrypt; anddecrypt each of the values in each of the ranges using the groupingkeys.
 22. The apparatus of claim 17, additionally comprisinginstructions to aggregate results from the resultant homomorphicallyjoined tables.
 23. The apparatus of claim 22, wherein aggregatinginvolves leaving encrypted space and re-entering space.
 24. Theapparatus of claim 22, wherein the aggregation is performed completelyin encrypted space.
 25. A processor implemented method ofhomomorphically joining repository tables using encrypted table values,comprising: receiving, using one or more data processors, a model queryfor processing, wherein the model query requires data values from morethan one table in a data repository; based on the model query,determining, using the one or more data processors, a join type toperform, a plurality of tables to be joined, and a plurality of fieldson which to join the plurality of tables; determining, using the one ormore data processors, that the plurality of fields on which to joinincludes at least one field that contains homomorphically encrypteddata; determining a homomorphic join strategy; performing, using the oneor more data processors, a homomorphic join using the plurality offields; and providing, using the one or more data processors, theresultant homomorphically joined tables, wherein the homomorphic joinstrategy is directly comparing values in two homomorphically encryptedfields when it is determined that the fields have both been encryptedusing a common deterministic encryption scheme.
 26. The method of claim25, further comprising: analyzing the resultant joined tables todetermine that at least one record in the resultant joined tablesrequires further processing; and determining that the at least onerecord in the resultant joined tables contains homomorphically encrypteddata.
 27. The apparatus of claim 26, wherein the processor furtherissues instructions to perform a homomorphically optimized additionfunction to add the homomorphically encrypted data values contained inthe at least one record.
 28. The method of claim 25, wherein thehomomorphic join strategy is using a key common to all values in atleast one of the plurality of fields to decrypt the plurality ofhomomorphically encrypted values in a field.
 29. The method of claim 25,wherein when the homomorphic join strategy is to utilize grouping keys,additionally comprising: receiving a plurality of grouping keys;determining a range of fields values that each grouping key may be usedto decrypt; and decrypting each of the values in each of the rangesusing the grouping keys.
 30. The method of claim 25, additionallycomprising aggregating results from the resultant homomorphically joinedtables.
 31. The method of claim 30, wherein aggregating involves leavingencrypted space and re-entering space.
 32. The method of claim 30,wherein the aggregation is performed completely in encrypted space. 33.A non-transitory computer readable medium storing instructions that,when executed, cause an apparatus at least to perform: receiving modelquery for processing, wherein the model query requires data values frommore than one table in a data repository; based on the model query ajoin type to perform, a plurality of tables to be joined, and aplurality of fields on which to join the plurality of tables;determining that the plurality of fields on which to join includes atleast one field that contains homomorphically encrypted data;determining a homomorphic join strategy; performing a homomorphic joinusing the plurality of fields; and providing the resultanthomomorphically joined tables, wherein the homomorphic join strategy isdirectly comparing values in two homomorphically encrypted fields whenit is determined that the fields have both been encrypted using a commondeterministic encryption scheme.
 34. The non-transitory computerreadable medium of claim 33 further comprising instructions causing theapparatus to perform: analyzing the resultant joined tables to determinethat at least one record in the resultant joined tables requires furtherprocessing; and determining that the at least one record in theresultant joined tables contains homomorphically encrypted data.
 35. Thenon-transitory computer readable medium of claim 34 further comprisinginstructions causing the apparatus to perform a homomorphicallyoptimized addition function to add the homomorphically encrypted datavalues contained in the at least one record.
 36. The non-transitorycomputer readable medium of claim 33 further comprising instructionscausing the apparatus to perform aggregating results from the resultanthomomorphically joined tables.